On 8/20/05, Tom London <selinux@gmail.com> wrote:
Running strict/enforcing, today's rawhide.
gdm fails to start (many initrc_t/xserver_t type failures).
I would normally guess a missing transition, but there are some reports of problems with gcc4/-Os.
Regardless, gdm starts fine in permissive mode.
OK..... 2 small 'fixes' seem to make this work:
--- /tmp/xdm.fc 2005-08-21 14:02:59.000000000 -0700
+++ ./xdm.fc 2005-08-21 13:45:22.000000000 -0700
@@ -2,8 +2,8 @@
/usr/bin/[xgkw]dm -- system_u:object_r:xdm_exec_t
/usr/X11R6/bin/[xgkw]dm -- system_u:object_r:xdm_exec_t
/opt/kde3/bin/kdm -- system_u:object_r:xdm_exec_t
-/usr/bin/gpe-dm -- system_u:object_r:xdm_exec_t
-/usr/bin/gdm-binary -- system_u:object_r:xdm_exec_t
+/usr/(s)?bin/gpe-dm -- system_u:object_r:xdm_exec_t
+/usr/(s)?bin/gdm-binary -- system_u:object_r:xdm_exec_t
/var/[xgk]dm(/.*)? system_u:object_r:xserver_log_t
/usr/var/[xgkw]dm(/.*)? system_u:object_r:xserver_log_t
/var/log/[kw]dm\.log -- system_u:object_r:xserver_log_t
And,
--- /tmp/xdm.te 2005-08-21 14:04:29.000000000 -0700
+++ ./xdm.te 2005-08-21 13:44:13.000000000 -0700
@@ -21,7 +21,7 @@
daemon_domain(xdm, `, privuser, privrole, auth_chkpwd, privowner, privmem, nscd_client_domain')
# for running xdm from init
-domain_auto_trans(init_t, xdm_exec_t, xdm_t)
+domain_auto_trans({ init_t initrc_t }, xdm_exec_t, xdm_t)
allow xdm_t xdm_var_run_t:dir setattr;
tom
--
Tom London